On Tue, Dec 07, 2010 at 11:13:08AM +0100, Yann I. wrote:
Hello,
I would like to know whether syslog-ng can receive and manage logs which have the WELF format?
Regards,
Yann I.

Hi Yann,

It depends on what you are trying to do with it. In principle it's supported and you can decode it with a patterndb if the fields in your WELF are predictable. If the fields are not that predictable it's going to be more difficult.

I am using an extended WELF style format as a kind of IPC interface between downstream syslog-ngs that filter and break apart messages, and upstream ones that do database warehousing and anomaly detection. Processing a whole ton of large WELF messages at a high rate of speed is very tricky in Perl, because regexes are too slow and there is no good equivalent to strtok or other low level C style tokenization techniques.

Can you supply sample messages so we could give you better advice?

Matthew.
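
The low-level tokenization the reply above refers to, as an added example that is not part of the original thread: a single-pass, in-place C parser for WELF `key=value` fields that handles double-quoted values containing spaces and rejects malformed lines instead of guessing. The names `welf_parse` and `struct welf_field`, the sample line, and the assumption that quoted values contain no escaped quotes are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* One key=value field; both pointers reference the caller's (modified) buffer. */
struct welf_field { char *key; char *val; };

static int is_sep(char c) { return c == ' ' || c == '\t' || c == '\r' || c == '\n'; }

/* Single-pass, in-place tokenizer: no regex, no allocation.
 * Returns the field count, or -1 on malformed input (missing '=', empty key,
 * unterminated quote, more than max fields).
 * Assumption: quoted values contain no escaped double quotes. */
int welf_parse(char *line, struct welf_field *out, int max)
{
    char *p = line;
    int n = 0;
    for (;;) {
        while (is_sep(*p)) p++;                      /* skip separators */
        if (*p == '\0') return n;                    /* end of line: done */
        if (n == max) return -1;                     /* too many fields */
        out[n].key = p;
        while (*p && *p != '=' && !is_sep(*p)) p++;
        if (*p != '=' || p == out[n].key) return -1; /* no '=' or empty key */
        *p++ = '\0';                                 /* terminate the key */
        if (*p == '"') {                             /* quoted value, may hold spaces */
            out[n].val = ++p;
            if ((p = strchr(p, '"')) == NULL) return -1;
            *p++ = '\0';
        } else {                                     /* bare value ends at a separator */
            out[n].val = p;
            while (*p && !is_sep(*p)) p++;
            if (*p) *p++ = '\0';
        }
        n++;
    }
}

int main(void)
{
    /* Constructed sample line, not taken from the thread. */
    char line[] = "id=fw time=\"2010-12-07 11:13:08\" pri=6 msg=\"Accepted connection\"";
    struct welf_field f[16];
    int n = welf_parse(line, f, 16);
    for (int i = 0; i < n; i++) printf("%s -> %s\n", f[i].key, f[i].val);
    return n < 0;
}
```

Returning -1 on a malformed line lets the caller route it to a separate destination rather than storing partially parsed fields.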